Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
BID:30446
Info
Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
| Bugtraq ID: | 30446 |
| Class: | Design Error |
| CVE: |
CVE-2008-3485 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 30 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | Wendel Guglielmetti Henrique and Intruders Tiger Team Security |
| Vulnerable: |
Citrix MetaFrame XP Presentation Server for Windows 1.0 Citrix MetaFrame XP for Microsoft Windows 2003 1.0 Citrix MetaFrame XP for Microsoft Windows 2000 1.0 Citrix MetaFrame XP 1.0 Citrix MetaFrame Presentation Server 3.0 Citrix MetaFrame XP |
| Not Vulnerable: | |
Discussion
Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
Citrix Presentation Server (formerly Citrix MetaFrame Server) is prone to a privilege-escalation vulnerability caused by a flaw in how 'icabar.exe' is invoked via a 'Run' registry key.
Attackers can leverage this issue to execute arbitrary code with administrator privileges. Successful exploits will completely compromise affected computers.
The following products are vulnerable when running on Windows NT, Windows 2000, and Windows 2003:
Citrix MetaFrame Presentation Server 3.0 and prior
Citrix MetaFrame XP 1.0 and prior
Citrix Presentation Server (formerly Citrix MetaFrame Server) is prone to a privilege-escalation vulnerability caused by a flaw in how 'icabar.exe' is invoked via a 'Run' registry key.
Attackers can leverage this issue to execute arbitrary code with administrator privileges. Successful exploits will completely compromise affected computers.
The following products are vulnerable when running on Windows NT, Windows 2000, and Windows 2003:
Citrix MetaFrame Presentation Server 3.0 and prior
Citrix MetaFrame XP 1.0 and prior
Exploit / POC
Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
To exploit this issue, an attacker requires write access to a directory scanned by the computer while locating 'icabar.exe'.
To exploit this issue, an attacker requires write access to a directory scanned by the computer while locating 'icabar.exe'.
Solution / Fix
Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
References:
References:
- Citrix Homepage (Citrix)
- Citrix MetaFrame Privilege Escalation (Wendel Guglielmetti Henrique
)